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WHAT IS CLAIMED IS: 

1 1 . A method for extracting a verification model from source code comprising the steps of: 

2 defining a control flow for procedures in the source code; 

3 generating source strings for selected elements of the source code; 

4 associating the source strings to an interpretation according to a plurality of prioritized 

5 mapping rules; 

6 applying the associated interpretation to the source strings to translate the source strings 

7 to strings of a target language; 

8 generating the verification model in the target language, the generating step including the 
3 9 step of populating the control flow with the strings of the target language, wherein the 

OIlO verification model conforms to the control flow; and 

Wl 1 optimizing the verification model according to a property to be verified. 

1„ l 2. The method of claim 1 wherein the plurality of mapping rules comprises at least one 

o 

2 explicit mapping. 

?\ 1 3 . The method of claim 1 wherein the plurality of mapping rules comprises at least one data 

2 restriction. 

1 4. The method of claim 1 wherein the plurality of mapping rules comprises at least one 

2 default type rule. 

1 5. The method of claim 2 wherein the plurality of mapping rules comprises at least one 

2 explicit mapping, at least one data restriction and at least one default type rule. 
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1 6. The method of claim 2, wherein associating the source strings to an interpretation 

2 according to a plurality of prioritized mapping rules comprises the further steps of: 

3 for each source string: 

4 (a) searching a lookup table for an explicit mapping that matches the source string; 

5 (b) if a matching explicit mapping is found in step (a), associating the source string to the 

6 interpretation corresponding to the explicit mapping; 

7 (c) if no matching explicit mapping is found in step (a), determining if a data restriction 

8 applies to the source string; 

„„ 9 (d) if a single applicable data restriction is determined in step (c) ? associating the source 

f fl 0 string to the interpretation corresponding to the single applicable data restriction; 

pi 1 (e) if a plurality of applicable data restrictions are determined in step (c), selecting one of 

1812 the applicable data restrictions and associating the source string to the interpretation 

1,13 corresponding to the selected data restriction; 

|!Jl4 (f) if no applicable data restriction is found in step (c), associating the source string to the 

P?l 5 interpretation according to a default type rule. 

1 7. The method of claim 6 wherein the lookup table contains source string patterns 

2 representing a plurality of entries in the lookup table, wherein searching the lookup table 

3 includes searching for the source string patterns. 

1 8. The method of claim 1 wherein the application of the mapping rules causes the 

2 translating of the source strings to respective equivalent statements in the target language when 

3 the selected source code elements are fully relevant to a property to be tested and the translating 
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4 of the source strings to nul statements in the target language when the selected source code 

5 elements are irrelevant to the property to be tested. 

1 9. The method of claim 1 , wherein the source code is selected from the group comprising C, 

2 C++, and Java. 

1 10. In a computer-based model checker, a method for automatically verifying a property of a 

2 system using the system source code, the model checker operable to check a verification model 

3 for the property, comprising the steps of: 

4 inputting the source code, a conversion table, a representation of the property and an 

U 5 optional preferences file to the apparatus, the conversion table including strings corresponding to 

f£ 6 strings of the source code and interpretations mapped to the strings, the preferences file including 

=7s 7 interpretations for overriding default rule interpretations; 

til 8 programming the model checker with default rule interpretations, wherein the default rule 

O 9 interpretations when applied by the model checker translate source code strings to a language of 

f-ft 0 the model checker; 

f fl 1 defining a control flow for each procedure in the source code; 

12 selecting source code strings for translation from the source code to the language of the 

13 model checker; 

14 for each selected string: 

1 5 according to a predetermined priority, 

16 searching the conversion table for entries corresponding to the selected 

17 string; 

1 8 translating the selected string according to the interpretation mapped to the 

19 selected string; 
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20 applying the default rule interpretation corresponding to the selected 

21 string; and 

22 overriding the default rale interpretation according to an entry in the 

23 preferences file; 

24 populating the control flow with the interpretations to provide the verification model; and 

25 checking the verification model for the property. 

1 11. A computer based model checker comprising: 

2 a processor for executing instructions; 

3 storage accessible to the processor for storing the instructions, a lookup table, default 



III 4 rales, source code of a system, a property to be verified and an optional preferences file, 



r| 5 the instructions causing the processor to: 

pi 6 parse the source code and to define a control flow for procedures in the source 

^ 7 code; 

f s l 8 generate source strings for selected source code elements; 

f 4 9 selectively associate the source strings to an interpretation according to a plurality 

'10 of mapping rules, including mapping rules defined in the lookup table, in the default rules and in 

1 1 the optional preferences file; 

12 apply the associated interpretation to the source strings to translate the source 

13 strings to strings which can be operated on by the model checker; 

14 populate the control flow with the strings, the populated control flow being a 

1 5 verification model; and 

16 check the verification model for the property; and 

17 an output device responsive to the processor for providing a result of the check. 
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1 12. The computer based model checker of claim 1 1 wherein the model checker is a SPIN 

2 model checker. 

1 13. The computer based model checker of claim 1 1 wherein the interpretations comprise 

2 print, hide, comment and keep, wherein print embeds the source string into a print action of the 

3 model checker, hide excludes the source string from representation in the verification model, 

4 comment includes the source string in the verification model as a comment, and keep preserves 

5 the source string in the verification model. 

1 14. The computer based model checker of claim 13 wherein the keep preserves the source 

2 string in the verification model subject to global substitute rules. 

1 15. The computer based model checker of claim 1 1 wherein the lookup table includes entries 

2 corresponding to branch conditions. 

1 16. The computer based model checker of claim 1 5 wherein the entries corresponding to 

2 branch conditions include entries for introducing a nondeterministic choice to the verification 

3 model. 
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